Money Report

In partnership with CNBC
news

Vans owner VF Corp. shares tumble as it says cyberattack could hamper holiday fulfillment

By Rohan Goswami,CNBC and Drew Richardson,CNBC

Budrul Chukrut | LightRocket | Getty Images
  • Shares of VF Corp. tumbled after the company said it suffered a cybersecurity breach.
  • The attack is expected to have a material effect on its business.
  • It's a major hit as the company, which owns The North Face and Vans, gears up for the holiday rush.

Shares of The North Face and Vans owner VF Corp. tumbled Monday after the company reported that a hack had affected its ability to fulfill some orders ahead of the holidays.

The company said hackers encrypted "some" systems and made off with personal data. Those are some hallmarks of ransomware, where attackers try to extort companies in exchange for hefty payment. VF Corp. declined to comment on whether the incident was a ransomware attack.

The stock closed down more than 7% Monday.

Get South Florida local news, weather forecasts and entertainment stories to your inbox. Sign up for NBC South Florida newsletters.

VF Corp. announced the incident on the same day that the U.S. Securities and Exchange Commission's new cyber disclosure rules took effect. Those regulations mandate that companies report "material cybersecurity incidents" to their investors within four days of determining that a hack would have an effect on their bottom lines. VF Corp. first identified hackers in its system on Dec. 13, meaning it took relatively little time for the company to identify the threat as material.

The attack is expected to hit the company's operations in the lead up to the critical holiday shopping period. The company said the breach has affected its ability to fulfill orders, but customers will still be able to place them online.

The full scope of the attack is still not known, and it will likely continue to have a material impact until recovery efforts are complete, the company said.

Money Report

11 mins ago

36-year-old makes $37,000 a year leading Dungeons & Dragons games: If ‘you're doing it anyway, you might as well' get paid

news 22 mins ago

Mujeres tienen más probabilidades de tener dificultades económicas en la jubilación, según estudio

The new SEC rules are designed to give investors a clearer picture of how attacks can harm businesses. When casino firm Caesars Entertainment was breached earlier this year, for example, the company quietly paid a $15 million ransom, sources previously told CNBC. Only after MGM Resorts was hit by the same attacker did Caesars disclose that it had been affected.

Under the new disclosure obligations, Caesars likely would have had to report the hack and the payment much earlier. Regulators and law enforcement strongly discourage companies from paying ransoms. But given the debilitating effects that cyber disruptions can have, many companies do so anyway. 

VF Corp. is the latest major company to be hit a by cyberattack that disrupted company operations. In addition to Caesars and MGM, Clorox was hit by a breach that prevented the company from keeping its items on store shelves earlier this year.

Also on CNBC

Subscribe to the CNBC YouTube ChannelSubscribe to the CNBC YouTube Channel
Copyright CNBC

This article tagged under:

news
News Local US & World Weather Weather alerts Hurricane Season Investigations Responds Submit a tip PolitiFact Impact With Jackie Nespral South Florida Live Entertainment Latin Beat Traffic Sports Community TV Listings Contests
About NBC 6 Our News Standards Submit a Consumer Complaint Submit Photos and Video Contests Our Apps Newsletters Cozi TV
Contact Us